Best way to store mnemonic on user browser localstorage

There will soon be a “MetaMask”-like browser extension (AlgoSigner) that allows to securely store keys and sign transactions.

If you need to store keys / mnemonic securely before the availability of AlgoSigner, in a production environment, one solution is to have them encrypted under a password that the user enters each time (and that is never sent to the server nor stored locally). I can provide more details if needed. But in short it is important to be careful about the following:

  • passwords must only be used to derive keys using password-based key derivation functions (PBKDF2, scrypt, argon2) with high enough number of iterations (tutorials on the Internet usually specify a low - insecure - number of iterations, the number of iterations must be such that the time it takes to derive the key is as high as acceptable). Never use directly a password as a key for encryption. Never hash a password and store the hash. The reason is that passwords are “low-entropy”: guessing passwords is possible so you must ensure that each guess takes a very long time.
  • always use cryptographically secure random number generator and never use Math.random
  • for encryption, you may want to use AES-CBC or AES-GCM. Be very careful about the initialization vector (IV) requirements. In all cases, the same IV must never be used twice. In particular, if you update an encrypted value, you must also choose a fresh new IV. Usually, choosing an IV randomly (using a cryptographically secure random number generator) is fine. Note however that AES-GCM should not be called more than 2^32 times with the same key when the IV is chosen uniformly at random.
2 Likes